Posted by timothy on Wednesday May 20, 2009 @03:06PM from the good-on-them dept.

Saint Aardvark writes "The Free Software Foundation has announced that they've settled their lawsuit with Cisco (reported earlier here). In the announcement, they say that Cisco has agreed to appoint a Free Software Director for Linksys, who will report periodically to the FSF; to notify Linksys customers of their rights; and to make a monetary donation to the FSF. An accompanying blog entry explains further: 'Whenever we talk about the work we do to handle violations, we say over and over again that getting compliance with the licenses is always our top priority. The reason this is so important is not only because it provides a goal for us to reach, but also because it gives us a clear guide to choosing our tactics. This is the first time we've had to go to court over a license violation.'"

Or maybe the FSF (unlike some other IP-related litigants out there) only wants people to comply with the GPL, and will settle once the defendant agrees to do so (as opposed to extorting money out of the defendants)?

FSF should've claimed the attorney-fees-to-date it had to incur, but that's about it. If they were to push for any kind of "punitive" damages, or *AA-style ridiculous "compensation fees", that would portray them as just another trolling IP extortionist. Kudos to the FSF for going for what's right rather than what's rich.

Why should they? If you get what you want without the risk of a trial you are MUCH better off. Trials are risky, they do not always go as planned. As for a cooperative solution, much better (and cheaper) than an adversarial one. As for change, I hope not, they seem to be doing well.

Cisco releasing the source code for thousands of routers doesn't strike me as being a good thing. I mean it's one thing to develop in an open environment and being open from the start, and I agree security through obscurity is bound to fail, but as someone running Linksys routers on my network, I would expect there to be some stepped process, as I don't trust Cisco was totally competent in their development. Imagine if Windows source was suddenly made available to the masses: the time it would take to identify, patch, and distribute a fix vs the time it takes to just identify and exploit is a significant window of vulnerability. Security through obscurity doesn't work because it assumes no one will ever find out and people will. But dissemination of that information takes time. Discovery of defect takes time. Opening the source of a previously closed product greatly reduces that time and therefore intensifies the threat. Overall this will lead to a much stronger product but I fear what is going to happen in the first few weeks.

I'm not real big on the GPL, but this is hardly a shakedown. More like repeatedly begging them to abide by the terms they agreed to, taking them to court, then settling before going to trial where more $$ could have been obtained from them.

FSF wanted Cisco to follow the agreement, not to suck money from the company.

Cisco decided to release their sources right when they used GNU licensed code. If there is a security risk because of being open, it will be their fault and not RMS :)

I think it won't be a bad thing; you will see an amazing amount of obvious flaws fixed in months as a result of it. Especially home devices will benefit. Don't worry, MS taught home users (with unfortunate reasons) that they should update their software for security, performance. The only Cisco/Linksys product I have is a dumb gigabit switch but I am sure the smart stuff already has easy update functionality.

That is what I mean. Some licenses are great and some suck. But some software seems to have a great license but links to software that has a crappy one. Thus you may have just blessed your own product with the crappiest of the bunch. If you link to 100 MIT licensed libraries and 1 of those also links to a GPL licensed product, then you are screwed. Now that QT has gone LGPL I am a happy camper but that happiness goes away if I statically link to QT.

You misunderstand. Just because you release the code, it doesn't magically become as secure because it's "open source". Open Source is secure because it goes through a process. A process this code didn't see. That process allows for corrections when errors are made. This process takes time. And what I said in my original post is that there is going to be a window between when we, the community, improve the quality of product up to other open source standards, and when the source code is released, during which time there is an elevated threat.

Nearly all software products have vulnerabilities. With open source products, those vulnerabilities get fixed faster, making them more secure. They get developed in ways that are security conscious because the community is watching. With closed source, vulnerabilities get discovered slower, but get fixed slower so there's no gain. Additionally, they don't go through the same focus and scrutiny during development, so they tend to have more vulnerabilities at release. Taking something that was developed in secret, widely implemented and then divulging the source doesn't get you any of the benefits of either. Vulnerabilities and exploits are near instantly apparent and discovered, and you don't have the benefit of open development.

If just having the source open to everyone is more secure, then don't ever bother to update Firefox or whatever browser you're running ever again. Keep doing your banking online with it. Knowing something has security holes is one thing. Telling the world what those security holes are is another thing, especially since there's no development process ready to respond to the vulnerabilities yet. This is like taking a browser that hasn't been patched for two years and pushing it to every third computer in the US. There's going to be a race to patch the system to make it secure and exploit the vulnerabilities and I'm not sure that's something I like.

Yep, a supposed 'computer wizard' who couldn't even disassemble a printer driver is personally responsible for dividing the FOSS world in two by acting like a complete fucknuckle towards those who share 99% of his philosophy.

I'm tired of hearing people claim that the FSF is anything other than a disease, to be honest. Maybe back when they were still actually developing or maintaining software, you might have been able to claim that they were doing something useful; but these days they don't really do anything other than rabble rouse and occasionally legally harass people.

I know, I know...you're going to say that the only reason why the FSF goes after people in court is because they violate the GPL. If the GPL wasn't blatantly anticommercial, however, it wouldn't be an issue; if Cisco had simply used something BSD licensed, they could have done what they liked and the court case never would have happened.

Of course, we know the reason why people who have no intention of complying with the GPL use it; it's because they want to curry favour with the freaks who've drunk sufficient amounts of Stallman's Kool Aid that they actually think it's a genuinely worthwhile license.

The GPL 2 I can tolerate, but the GPL 3, no. The license aside, however, one thing that has always been true is that the FSF are a textbook destructive cult, and Stallman himself is the proverbial aspirant cult leader; he's the computing world's answer to Lafayette Ronald Hubbard.

Development of the GNU project has been primarily handed over to Red Hat at this point, and as I've already said, I consider the GPL 3 a bad and overly restrictive license, even if v2 wasn't. Given those two points, the FSF have been reduced to not much more than a group of low budget terrorists, and the organisation should thus be abolished at this point. If it has ceased maintaining software or generating real code, it has outlived its usefulness.

Little bitter?

The canard that the GPL is "anticommercial" is silly, but it's repeated often enough it's worth dismantling.

The GPL is not in any way anticommercial. It explicitly permits commercial use. When I license my code under the GPL, I'm accepting that someone can take that code and make billions from it, and they will not owe me a nickel. I'm not presenting that as a negative, mind you. When one licenses under any free license, that is one of the freedoms one is granting to everyone in the world.

Many proprietary licenses, on the other hand, are "blatantly anticommercial", in that they contain restrictions or additional payment/royalty requirements for commercial use, or ban various types of commercial use entirely. Try making an improved version of the Windows kernel and offering it for sale. You will very quickly see "blatantly anticommercial", and I would venture a guess that this would come in the form of "legally harass[ing]" that would be quite swift and more than occasional. It will happen every time.

What the GPL does require is quite simple. If you're going to take my code, improve it, and profit from it, you're required to share those improvements, just as I did for you in the first place. And even that's only true if you redistribute. If you improve my code and use it for your own in-house purposes, but do not distribute it, you don't even have to follow that requirement. It's only when you start distributing that code that the requirement to share the source kicks in.

There are anticommercial licenses out there, including effectively all proprietary licenses and many others. One Creative Commons license (CC-NC) is quite explicitly anticommercial. That's its very name, "noncommercial"! That does not of course mean commercial use is impossible, as anyone who wants to use material licensed under such a license is free to contact the copyright holder and work out terms for it to be licensed to them for commercial distribution. This license serves those who are willing to say "I will let you redistribute and modify this if not for a profit, but if you intend to ma